I’ve never really bought the whole ‘security through low popularity’ argument, and over the last year my disagreement with that notion has crystallized into two words:

Jailbroken iPhone.

The iPhone’s market share and total installed base are both well smaller than the equivalent numbers for OS X, yet people were hacking the iPhone since day one. It takes some serious mental gymnastics to explain how low market share and overwhelming ‘cool’ factor can produce a hacking community in no time at all, while the same factors have left the Mac untouched for ten years.

That’s not to say I think OS X security is perfect — far from it. But the specific nature of the iPhone exploits demonstrates what I think is the critical difference between Mac security and Windows security.

Jailbreaking an iPhone is an exploit that operates under human guidance, and requires physical access to the device. The exploits that create Windows botnets are fully automated.

That’s where I see the difference: The automated attack surface for Macs is relatively small, while the automated attack surface of pre-Vista Windows is huge. It’s the difference between having to pick the lock on a door by hand, and being able to hack a garage opener to open 80% of the houses on any given block at the press of a button.